summaryrefslogtreecommitdiff
path: root/lib/http_digest.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-06-25 11:28:22 +0200
committerDaniel Stenberg <daniel@haxx.se>2013-06-25 11:28:22 +0200
commit98b0d66eb48c88191a8908627f722a464b7c4199 (patch)
tree4235bfaed079184c3bbe6c896531288385d791b5 /lib/http_digest.c
parent9c2853f2aecb53c05f9b78a223c3cbfac84327c7 (diff)
downloadcurl-98b0d66eb48c88191a8908627f722a464b7c4199.tar.gz
digest: improve nonce generation
Use the new improved Curl_rand() to generate better random nonce for Digest auth.
Diffstat (limited to 'lib/http_digest.c')
-rw-r--r--lib/http_digest.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/lib/http_digest.c b/lib/http_digest.c
index 5459924df..50ccc05ad 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -33,6 +33,7 @@
#include "strtok.h"
#include "url.h" /* for Curl_safefree() */
#include "curl_memory.h"
+#include "sslgen.h" /* for Curl_rand() */
#include "non-ascii.h" /* included for Curl_convert_... prototypes */
#include "warnless.h"
@@ -316,8 +317,6 @@ CURLcode Curl_output_digest(struct connectdata *conn,
char *cnonce = NULL;
size_t cnonce_sz = 0;
char *tmp = NULL;
- struct timeval now;
-
char **allocuserpwd;
size_t userlen;
const char *userp;
@@ -376,10 +375,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
d->nc = 1;
if(!d->cnonce) {
- /* Generate a cnonce */
- now = Curl_tvnow();
- snprintf(cnoncebuf, sizeof(cnoncebuf), "%32ld",
- (long)now.tv_sec + now.tv_usec);
+ snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x",
+ Curl_rand(data), Curl_rand(data));
rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
&cnonce, &cnonce_sz);